3

我有一个需要 HTTP 基本身份验证的 Spring Web 服务,我正在尝试通过 Javascript 访问它。

我的 Spring 安全配置具有以下定义:

<security:http create-session="stateless"> 
    <security:http-basic />
    <security:intercept-url pattern="/item/**"
        access="ROLE_ADMIN,ROLE_USER" />
</security:http>

    <security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="Aladdin" password="open sesame"
                authorities="ROLE_USER, ROLE_ADMIN" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

我的 Javascript 客户端正在相应地设置 Authentication 标头。但是我总是会得到 401 的回复:

Request URL:http://localhost:8080/item
Request Method:GET
Status Code:401 Full authentication is required to access this resource

Request
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=x8foxdzzuc8g1cqnhxj34u4tv
Host:localhost:8080
Pragma:no-cache
Referer:http://localhost:8080/index.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
X-Requested-With:XMLHttpRequest

Response:
Cache-Control:must-revalidate,no-cache,no-store
Content-Length:1461
Content-Type:text/html;charset=ISO-8859-1
Server:Jetty(8.1.3.v20120416)
WWW-Authenticate:Basic realm="Spring Security Application"

我的请求中是否缺少某些内容?我使用 Wikipedia 的用户/密码示例来确保编码没有混乱 - 它与此处的示例匹配

4

1 回答 1

1

问题比我想象的要简单——授权标头应该说“基本”而不是“基本”。只是改变它修复了整个事情。

于 2012-06-26T06:47:38.870 回答